[BreachExchange] Ransomware: A Business Designed To Disable Your Business

Audrey McNeil audrey at riskbasedsecurity.com
Fri May 27 14:29:33 EDT 2016


http://www.wilmingtonbiz.com/insights/shaun_olsen/ransomware_a_business_designed_to_disable_your_business/1253

CryptoLocker. CryptXXX. Enigma. Jigsaw. Petya. Reveton. Shujin. These are
the names of just a few strains of ransomware, and a new one seems to pop
up every day.

If you haven't heard of ransomware yet, you undoubtedly will soon. Gone are
the days when your computer was infected with a virus that slowed it down
or made you go to fake webpages. Ransomware doesn't even rest on its
laurels while stealing your data. No, ransomware is much more sinister.

The idea behind ransomware is devilishly simple. It infects a computer with
malware then encrypts the data on it. The user then gets a screen with a
ransom note, demanding payment to decrypt the files.

The first ransomware is believed to have been the AIDS Trojan way back in
1989. This malware infected computers and tossed up a message that licenses
for different software had expired. It then encrypted files and only
released them after a payment of $189. For what it's worth, Joseph Popp,
the creator of the AIDS Trojan, promised to donate money made from it to
AIDS research.

Variations of ransomware made appearances over the years, but it really
took off with CryptoLocker in late 2013, propelled to prominence by
demanding payments in Bitcoin instead of traditional money. The advantage
to getting paid in Bitcoins is that Bitcoin transactions are about as
anonymous as they can be. It's estimated that CryptoLocker netted about $27
million in a matter of days.

There have been a ton of variations of ransomware since then. There's
ransomware that gives you audio instructions, geo-specific ransomware,
ransomware that mocks you. One recent development lets the ransomware sit
on your computer for a specified amount of time before locking your files
so that you can't find a clean backup to restore.

Some ransomware developers even offer tech support. Yes, some
cybercriminals offer tech support because they want to make it easy for you
to pay. They also want to make sure you get your files back. After all, if
it gets out that people aren't able to regain their files after paying a
ransom, victims will stop paying the ransoms, and that's just not good for
the ransomware industry.

More recently, cybercriminals on the Internet black market have begun
selling ransomware kits. You can buy a copy for $3,000, but other
enterprising thieves have come up with more affordable ways to sell it. You
can buy bundles for $400 or even sign up with an affiliate program, where
you and the developer split the ransoms. Developers even offer tech support
and code customization. All of this feeds into the rapid proliferation of
ransomware. It's a big business.

How big? Try an estimated $325 million in 2015, and that's just from
CryptoWall, one of the more pervasive and popular versions. A typical
ransomware demand releases your files for a few hundred bucks, and
sometimes you can even haggle with your captor.

Ransomware hacks are getting bigger and bolder, however. Three hospitals
were infected with ransomware in the last few months. One, Hollywood
Presbyterian Medical Center in Los Angeles, paid as much as $17,000. With
the proliferation of ransomware and the ability to use it without being a
professional computer programmer, as well as higher profile attacks and
larger ransoms, you can be sure that ransomware will get worse before it
gets better.

Your next question is probably, “How does one get infected with
ransomware?” The answer: “Just like you would any other malware.”

It might be an email attachment you shouldn't have opened. Or perhaps you
visited an infected website. Maybe you just forgot to apply a patch to some
software. As long as you're following best practices when it comes to
computer security you should be able to avoid ransomware. Let's be honest
though, how many people actually do that? It couldn't happen to you, right?

The frightening truth is that it happens to literally thousands of people a
month. It doesn't matter if you're a large company or a mom and pop
business. It doesn't matter if you're a student, a librarian, a retail
clerk, a CEO or a politician. Cybercriminals don't care who you are. They
don't (usually) target specific people, so a victim could be anyone who
opens an infected email attachment or who didn't change their router's
default password.

That's the lesson to learn from this. Anybody can become the victim of a
cybercrime. Your computer files can be held ransom for hundreds of dollars,
or your personal info can be stolen and sold on the black market. There's
no reason to make it easier for cybercriminals, so follow common-sense
cybersecurity rules. Here are a few:

- Make sure you have a strong password, and use different passwords for
different accounts.
- While we're on the subject of passwords, never use a default password and
change your passwords often.
- Keep your operating system patched and up-to-date.
- Don't open attachments in emails from people you don't recognize.
- Never give out sensitive information such as your Social Security number
or credit card information.
- Enable two-factor authentication whenever it's available.
- Use an ad blocker when browsing the internet. Malicious code can sometimes
be slipped into ads.
- If possible, use image-level backups in conjunction with file-level
backups with a retention period longer than a week or whatever you can
afford.
- Make sure your employees adhere to these tips too. Human error is the No.
1 cause of data loss.

In closing, remember, if it is connected to the Internet, it is accessible,
so having your data “onsite” is no safer and, in most cases, is less safe
than having it in a datacenter. Be careful and be safe.